A recent article in Forbes stated that cybercrime costs are expected to exceed $2 trillion next year.
The biggest challenge we hear from our customers is that:
Technology is changing at such a fast pace that it’s harder than ever to keep up with the latest frauds and government regulations.
In 2018, we saw cybersecurity fraud increase in number, size, and sophistication. Cybercriminals know that most people are aware of the scams that happen online. This has forced them to come up with a new way to get into your organization:
Fraudsters do this by focusing on building credibility and rapport while leveraging technology to assist them.
Through extensive research, we’ve found that fraudsters are now trying to come across as real people who are legitimately part of the transaction network.
In this article, we want to show you how it’s done so you can take the necessary steps to prevent this from happening.
So here’s our 2019 Fraud Trends Forecast.
CEO fraud is on the rise
Cybercriminals know that human psychology is the weakest link when infiltrating a company to gather sensitive data.
Here’s how it works:
The cybercriminal pretends to be a high-level employee of a company. Using this identity, they reach out to the transaction network with fake authority and bluff them and others involved into acting on their fraudulent instructions.
What makes this scam unique is that it’s so simple. All the information they need can easily be found online, and the scam doesn’t require any special skills to execute.
It’s simply manipulating people.
They’ll search your company’s website, look on LinkedIn to see who works there, and use other tools such as Facebook and Twitter to gather personal information on their target.
Once that’s done, it’s just a matter of lying their way through the company hierarchy to get all of the information they need to execute their cyber attack.
Phishing is always evolving
While this form of fraud has been around for a long time, people continue to fall victim, because cybercriminals are constantly creating new versions of the scam.
Here’s how they manage to do it:
With phishing, a cybercriminal sends out fake emails to a group of people, asking them to take a specific action.
In the past, these emails looked “scammy,” were easy to recognize, and the masses learned to avoid them. But these days, cybercriminals are tailoring their emails to the recipients.
They’ll address their victims by name, use the company logo, the same company branding, and will even hack an employee’s email to see how they communicate with their coworkers.
These emails look as if they came from a real company and a trusted person in their victim’s transaction network. And since our work days are fast-paced and our inboxes full, at a quick glance, most people intuitively respond to these emails.
So if you (or a team member) are going through a big transaction, please keep an eye on the email addresses, formatting, wording, and anything else that seems off.
After all, someone may have tapped into your inbox and could be posing as a trusted party in the transaction network.
Mobile fraud is breaking new ground
That’s not surprising since we mostly communicate with each other through emails, texts, and phone calls. The problem is cybercriminals now have three different ways to attack you on a single device.
They’ve also taken notice of our behaviors on a smartphone. Everything we do is quick and intuitive. A notification comes through; we open it and respond immediately because it’s only a click away.
So if it looks legit, we seldom check to see if it could be fraudulent. Because of this, we have seen a rise in two types of mobile fraud: Caller ID spoofing and malware.
ANI Spoofing (Caller ID Spoofing):
A form of social engineering, this is when a cybercriminal makes a fake phone number show up on their recipient’s caller ID display. This fraud is extremely dangerous because it can be paired up with other types of scams.
Take CEO fraud for instance:
If the victim receives a phone call and the caller comes across as a high-level employee, it’s very believable. Should they check after the call to see if it was legit, the number will match.
That’s what makes this type of fraud very hard to detect. The signs all point towards it being a trusted party on the other end of the line.
Malware:
Not too long ago, you needed to download a file or application to get malware.
Now, it’s become so advanced that if you open up an infected email message, the malware will install and run in your computer’s memory.
This means it’s harder to detect since most antivirus programs only scan your hard drive. To make matters worse, once you shut down or restart your computer, the malware disappears.
Users can get attacked and have no idea all this is going on in the background. And when they try to trace where the attack came from, they won’t know either.
So be careful when opening up emails from senders that you don’t personally know.
Third-party solutions will become the norm
Most people don’t have the time or resources to keep up to date and to check the nitty-gritty details of everything done in a transaction.
Companies are also starting to realize that it’s better to be safe than sorry. The damages from cyber fraud not only affect their business but their clients too.
In many states, they could be held responsible for failing to prevent a cyber attack. They’ll have to pay for notification expenses, legal fees, and so much more.
As a result, many business owners turn to third-party solutions like insurance for help. (Though, even insurance often fails them.)
At CertifID, we have a unique process to help you confirm identity and securely share bank account information.
When people involved in the transaction receive a CertifID request, their devices will be analyzed, their identity confirmed, and two-factor authentication checked. We do all the hard work for you so there’s no need to change your wire system, bank, or existing software either.